Best way for dealing with password changes for accounts needed to run scripts?

689
5
10-04-2021 07:37 AM
CarlVricella
New Contributor III

My org uses ArcGIS Online and we have a number of python scripts currently using named users to authenticate with AGOL via the python api. The issue is that we must use a password policy and have passwords reset every x amount of days. The API does not seem to have any way to check when an accounts password will expire. Problematic as I have 5 or 6 accounts running scripts (use a dedicated account for each grouping of servers to prevent conflicts as 1 account can only be used on 3 machines at a time) and it's a hassle to manual manage all of them. I want to be programmatically check when a password will need to be changed so I can automate the reset and updating of the stored passwords in protected directories.

 

Before I come up with my own solution, I was wondering if there is a better way to deal with this? Maybe I missed something and there is a more permanent way to authenticate without using an on-prem Portal. Or there is something in the API refs I missed. It seems I'll have to store a log of when passwords were reset.   

As far as I can tell from the documentation this or using ArcGIS Pro authentication are the only ways to connect to AGOL and run our scripts...pro auth token will only last two weeks so that's out of the window (unless there is someway to specify a longer default token parameter for Pro with AGOL, but there does not seem to be) 

5 Replies
JakeSkinner
Esri Esteemed Contributor

Hi @CarlVricella,

You can use an Oauth2.0 Application to generate your token:

1.  In ArcGIS Online go to Content > New Item > Application

2.  Other application > Next

3.  Specify a Title and Tags and click Save

JakeSkinner_0-1633360918484.png

 

4.  In the Items Details of the new application, click the Settings tab

5.  Scroll down and click Registered Info

6.  Copy the App ID and App Secret

JakeSkinner_1-1633360994501.png

 

7.  You can then use this to generate a token:

import requests, json

# Generate Token
try:
    params = {
        'client_id': clientId,
        'client_secret': clientSecret,
        'grant_type': "client_credentials",
    }
    request = requests.get('https://www.arcgis.com/sharing/oauth2/token', params=params)
    response = request.json()
    token = response["access_token"]
except Exception as e:
    errorLog("Error generating token", e)
CarlVricella
New Contributor III
Ah cool, so if I do it like this even if the password expires on the account that registered the application I can still generate the access token indefinitely?


0 Kudos
JakeSkinner
Esri Esteemed Contributor

Correct, the expiration of the application owner's password should not interfere.

0 Kudos
CarlVricella
New Contributor III

and I can provide this token to initiate a connection AGOL via the python api's GIS module? 

0 Kudos
JakeSkinner
Esri Esteemed Contributor

Unfortunately, not with the ArcGIS API for Python.  When trying to do so, a browser is opened asking for credentials.

https://developers.arcgis.com/python/guide/working-with-different-authentication-schemes/

0 Kudos